The Microsoft Browser Vulnerability Research team is currently testing a Super Duper Secure Mode for the Edge web browser. That’s right. This mode is all about securing Edge ignoring any negative impacting performance. Although this mode is extremely experimental as of now, it will prevent attackers to try to exploit bugs in Microsoft’s browser by turning off certain optimizations. But the company says that the mode will most likely be renamed that sounds more professional at the launch. At the core of the experiment is the “Just-In-Time-Compilation” (JIT) engine. This technology can help speed up web browsing but may hinder system security. The Super Duper Secure Mode works by removing Just-In-Time compilation from the V8 processing pipeline, which ultimately decreases the attack surface that can be used to hack into Edge’s systems.
“Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value.” The team though, does admit that the name Super Duper Secure Mode is “slightly provocative” but only because they wanted to work with fun and also because it’s too early for the christening. Although don’t raise your hopes for the name, lol. In the experiments, the team of Microsoft did hundreds of performance tests, disabling and enabling JIT. “Anecdotally, we find that users with JIT disabled rarely notice a difference in their daily browsing,” Microsoft clarifies. Rigorous testing shows performance variance, but the impact of those changes on browsing is still not discovered fully.
But that is highly debatable, as Norman says that users with JIT disabled rarely notice a difference in their daily browsing in testing. The performance degradation across multiple tasks ranged from no change at all to 16.9 percent, gaining an average 11 percent increase in power consumption and a 2.3 percent increase in memory usage. But a notable change of range as high as 58 percent may occur in the infamous Speedometer 2.0 which no one is talking about. “However, often users do not notice this impact because this benchmark tells only part of a larger performance story,” Jonathan goes on to explain. And that is indeed true for all benchmarks. Furthermore, the Microsoft team plans to scrutinize its Super Duper Secure Mode experiment in the coming months and then determine the fate of the feature: the bin or Edge.
He also admits to thinking of changing his team’s “tongue-in-cheek” name for a more professional one maybe. Microsoft users will be very upset if they find out that they’ve been exploited by the Super Duper Secure Mode, so the Microsoft team has to ensure preventing incurring any extra liability. But if successful, this mode will bring a welcome whimsy to the browser alongside the additional protection. And here’s information that may intrigue you: if you want to test the Super Duper Secure Mode yourself, all you need to do is enable it in edge://flags with Edge Canary, Dev, and Bet. But please send Microsoft your feedback using the Feedback menu in Edge.